Postfix
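OpenDKIM not signing, but no errors
I've set up opendkim (2.10) with postfix on an Ubuntu 16.04 host. According to the logs, all is well (i.e., no errors), but mail is not being signed. I can see that postfix is passing messages to OpenDKIM (because when I stopped opendkim, postfix complained that it was not there), but I have no visibility into OpenDKIM itself.
Here's the config I've got:
opendkim.conf: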
Canonicalization        relaxed/relaxed
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
LogWhy                  Yes
MinimumKeyBits          1024
Mode                    sv
PidFile                 /var/run/opendkim/opendkim.pid
SigningTable            refile:/etc/opendkim/SigningTable
# Must agree with value in /etc/default/opendkim.
Socket                  inet:8891@localhost
## Postfix puts itself in a chroot jail and can't see this in the
## default location. So just use TCP.
# Socket                local:/var/run/opendkim/opendkim.sock
Syslog                  Yes
SyslogSuccess           Yes
TemporaryDirectory      /var/tmp
UMask                   022
UserID                  opendkim:opendkim
# Always oversign From (sign using actual From and a null From to prevent malicious
# signatures header fields (From and/or others) between the signer and the verifier)
OversignHeaders         From
# Hashing Algorithm
SignatureAlgorithm      rsa-sha256
# Auto restart when the failure occurs. CAUTION: This may cause a tight fork loops
AutoRestart             Yes
KeyTable:
nantes-1.p27.eu p27.eu:mail:/etc/opendkim/p27.eu.key
SigningTable:
*@p27.eu nantes-1.p27.eu
*@transport-nantes.com nantes-1.p27.eu
TrustedHosts:
127.0.0.1
postfix/main.cf:
# [...]
# OpenDKIM
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
# Postfix v3 so milter protocol 6 and not 2.
milter_protocol = 6
# There was a time, at least, when "auth_type" was not passed by default.
# I've not been able to determine if this still matters or not.
milter_mail_macros="i {mail_addr} {client_addr} {client_name} {auth_type} {auth_authen}"
Testing:
Sending mail results in no errors in the logs, but the mail is not DKIM-signed. When I test locally, I see this:
[T] jeff@nantes-1:~ $ opendkim-testkey -d p27.eu -s mail -vvvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key 'mail._domainkey.p27.eu'
opendkim-testkey: key not secure
opendkim-testkey: key OK
[T] jeff@nantes-1:~ $ opendkim-testkey -d transport-nantes.com -s mail -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key 'mail._domainkey.transport-nantes.com'
opendkim-testkey: key not secure
opendkim-testkey: key OK
[T] jeff@nantes-1:~ $
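Any suggestions as to what I'm doing wrong or how to debug further?
Addendum: Solution
The Ubuntu 16.04 OpenDKIM solution starts OpenDKIM like this:
/usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/ope dkim.pid -p inet:8891@localhost
The solution is to use /etc/opendkim.conf rather than /etc/opendkim/opendkim.conf. (Somewhere I will have read /etc/opendkim/opendkim.conf, correctly or incorrectly, and I read it the same way forever after.)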
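The Ubuntu 16.04 OpenDKIM solution starts OpenDKIM like this:
/usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim \
  -P /var/run/opendkim/ope dkim.pid -p inet:8891@localhost
The solution is to use /etc/opendkim.conf rather than /etc/opendkim/opendkim.conf. (Somewhere I will have read /etc/opendkim/opendkim.conf, correctly or incorrectly, and I read it the same way forever after.)
In other words, this is a known bug in human brains (seeing something close to right and seeing the same thing every time thereafter) and a strange convention violation by OpenDKIM (it is usual to create a subdirectory of /etc/ rather than to place files directly in /etc/, especially if you will need more files later).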
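A check for the failure described in this thread, as an added example that is not part of the original posts: it reads the `-x` argument from the running opendkim's command line, compares it with the file you have been editing, and reports whether the loaded file sets `KeyTable` and `SigningTable`. The function names are hypothetical, and it assumes a Linux procps `ps` and the table-based signing setup shown in the question.

```shell
#!/bin/sh
# Added example: which config file does the running opendkim actually load?

# Print the argument that follows -x in an opendkim command line.
# Returns 1 if the command line carries no -x option.
conf_from_cmdline() {
    prev=""
    for word in $1; do                      # intentional word splitting
        if [ "$prev" = "-x" ]; then
            printf '%s\n' "$word"
            return 0
        fi
        prev=$word
    done
    return 1
}

# Print the table settings (space-separated) that a config file does not set.
# Commented-out lines do not count as set.
missing_signing_settings() {
    missing=""
    for key in KeyTable SigningTable; do
        grep -Eq "^[[:space:]]*$key[[:space:]]" "$1" 2>/dev/null \
            || missing="$missing $key"
    done
    printf '%s\n' "${missing# }"
}

# $1: the config file you have been editing.
report() {
    cmdline=$(ps -o args= -C opendkim 2>/dev/null | head -n 1)
    if [ -z "$cmdline" ]; then
        echo "opendkim is not running"; return 2
    fi
    if ! loaded=$(conf_from_cmdline "$cmdline"); then
        echo "no -x on the command line: $cmdline"; return 2
    fi
    echo "daemon loads: $loaded"
    [ "$loaded" = "$1" ] || echo "WARNING: $1 is not the file the daemon reads"
    miss=$(missing_signing_settings "$loaded")
    [ -z "$miss" ] || echo "WARNING: $loaded does not set: $miss"
}

# Example: sh check.sh /etc/opendkim/opendkim.conf
if [ $# -gt 0 ]; then
    report "$1"
fi
```

Restart opendkim after moving the settings into the file the daemon loads, then check the mail log, where `SyslogSuccess Yes` records successful signing.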